Insights on the product, technology trends and the Streaming Media Business from Team AMS @ Adobe

Posts in Category "Content Protection"

When MP3s first came on the scene, some industry observers doubted they would ever catch on because, so the argument went, music lovers would not trade the “physical experience” of a record or CD for the empty, unsatisfying experience of a virtual good that could be electronically downloaded. Well, we know how that one turned out for music.

The video download business, on the other hand, has not fully made that transition. Sure, people do download movies, from both legitimate and illegitimate sources, but the vast majority of video distribution (in the broadest sense of the world) outside of cable/satellite is still based on physical goods, whether rented at the supermarket or bought out of the back of a van.

With increasing bandwidth, emerging media home networking standards, and ever-lower storage costs, it would seem that we are on the verge of the “download-to-own” and “download-to-rent” markets taking off, right? Well we’ve been on the verge for a while now, and I don’t think it’s a matter of technology. What if that’s the wrong model for video content?

In the meantime, streaming has emerged as the distribution model of choice for short-form video, including user-generated content: YouTube serves 1B streams per day. Increasingly, streaming video is also extending to TV programs and feature film, ie professionally-produced, long-form content. In the US, Hulu alone sources roughly 1 billion streams per month. Traditional broadcasters around the world (including the BBC) are also getting in on the action, with TV Everywhere, Catch-up TV and Over-the-top being variations on a common theme.

As more and more consumer electronics devices have built-in Internet access, whether it’s a $69 broadband box or a $1,000 Connected TV, we are getting to the point where accessing content in the cloud is not only technically feasible, it is just much more convenient. No longer having to move files around, I can access the content wherever I may roam.

There is still much room for business model innovation. “Paywall” seems to be the buzzword of the month. (Whatever happened to “subscription”?) Time-based access such as rental also lends itself to streaming. But there is also an opportunity to use streaming for content that users have “bought”, although not too many people seem to be using this model yet.

Think of it as a permanent right to access the content you’ve bought, without being burdened by moving files around. I call this the Ownwall. The greatest consumer benefit is that the content is available wherever there is an Internet connection — and these days, in most areas you need to try hard to go somewhere where there isn’t one.

A couple of industry initiatives like DECE and KeyChest are promoting the notion of a “rights locker” that keeps track of all the content you’ve bought. Maybe this is just me, but the term “rights locker” elicits some negative associations — smelly socks and athlete’s foot. What did my rights do wrong to get locked up? My reservations with the terminology aside, if successful these initiatives will represent a step in the right direction. (Nyuk, nyuk. Get it? The right direction. I crack myself up sometimes).

Consumers will be able to aggregate the content they purchase from any participating retailer and download it to their devices. DECE goes beyond this by defining their own media format and enabling content downloaded to one device to be side-loaded to another device, as long as it is in the user’s “domain” of approved devices. (Full disclosure: I represent Adobe in DECE; however, the description provided here is based on publicly available information.)

Now, if all content lives in the cloud and I can stream it to my notebook/netbook/tablet/smarphone/smartbook/connected TV/[add device not yet invented here], then maybe all of this could be a lot simpler. I could go around buying content, and have instant access to it on any Internet-enabled device. Interoperability is handled in the cloud, which is not as daunting as it sounds, since in practice there really aren’t that many complete platforms for video distribution out there.

But wait, there’s more: as the technology gets better (more interactivity, higher resolution, 3D, 4D, holodeck), so can my content experience. I don’t need to re-download, because I never downloaded in the first place; the next time I go to watch the movie, I am pleasantly surprised by the upgraded experience.

Most of this is possible today — well, maybe not the 4D stuff. There are still some open questions, such as “How can I be sure I can go back 20 years from now and still retrieve my content?” (I would answer that one with another question: do you use Gmail?) Or “What if I’m on a plane or in a submarine and can’t access the Internet?” (I say design for the main use case and accommodate the corner case, not the other way around.)

At the end of the day, consumers will provide the answer. As technology/content providers our role is to enable and experiment, and then let the market decide. What do you think will be the predominant model? Is ‘own-to-stream’ the new ‘download-to-own’?

As we discussed in a previous post, content protection is a key tool that can be used to monetize premium video online.

Adobe offers a couple of ways to achieve this; which one you use will depend on your specific needs, content and infrastructure. In this post, I describe some of these options at a high level, hopefully addressing some of the misconceptions (or is it FUD?) that exist out there.

For those of you who use Flash Media Server to stream content to Flash Player, in addition to advanced features such as Dynamic Streaming, you have the option of using the built-in content protection features. These are in very broad use today by some of the leading streaming content providers around the world, including Hulu, Amazon and M6.

The first of these features is RTMPE, the encrypted version of Adobe’s Real Time Media Protocol. RTMPE provides session-based protection, which means that all data between client and server is encrypted using a different key, which is negotiated for each “session”. RTMPE will encrypt all data that goes in the “pipe”, whether it’s video content, data or headers. This is used to block tools that intercept the stream or try to impersonate a valid client in order to make unauthorized use of the content, such as making an unprotected recording (aka ripping).

In addition, FMS also supports SWF Verification, which is used to limit playback of the content to only the video player applications (SWF) that have been authorized. This works best when used in combination with RTMPE: once a secure tunnel has been established between client and server, the Flash runtime computes a hash of the video playback SWF that’s running and then sends that hash securely to the server, where it is compared against a list of approved SWFs; if there’s no match, the connection is rejected.

If this isn’t your first time on this blog, you’ve probably seen other posts regarding Flash Access. To recap, Adobe Flash Access is an advanced content protection solution that we are rolling out in the first half of this year and will work with Flash Player 10.1 and AIR 2.0. (This product was initially launched under the name Flash Media Rights Management Server, but the 2.0 version will adopt the new name and a much improved architecture. FMRMS 1.5 is the current version, and is being used by the BBC for their iPlayer Desktop and by at least one major US studio.)

Unlike the features described above, content protection using Flash Access is not tied to FMS; while you can use both products together to get all the benefits of streaming plus advanced control over content consumption, you can also use each one independently. For instance, you can use Flash Access to protect progressive downloads or with the upcoming HTTP Dynamic Streaming (formerly “Project Zeri”).

With Flash Access, the operating principle is a bit different than with RTMPE. The content is persistently protected, ie it is encrypted once and remains protected wherever it goes. This makes it cache-friendly: whether the content is cached at the edge on the CDN or in the browser cache, it is encrypted and does not represent a security risk. Flash Access also allows you to define a number of usage rules, which are enforced by the client and can help support your business model, whether it’s video on demand, rental, subscription or download to own, to name a few of the more popular models out there.

This requires a few changes to the content workflow: encoded content must be run through a “packager” that encrypts the content. The packager is fileformat-aware: rather than blindly encrypt headers and metadata, it creates a valid file (e.g. F4V) with an encrypted payload. This means that the files can be streamed or downloaded like any other file over any protocol, whether it’s RTMPE, HTTP or something else.

However, once the content arrives in the player, you have the bits but not the rights to play the content. This triggers a request to a “license server”, hosted either by the content distributor or by a service provider on their behalf. The license server will only issue a content license, which contains the key necessary to play back the content, to clients “in good standing”, ie it will reject attempts from rogue clients.

SWF verification is also supported, but now the “whitelist” of approved SWFs can be included in the content license and is enforced by the client. All the the really sensitive operations, such as cryptographic operations or rules enforcement, happens in the native code in the runtime where it is difficult to hack. The application or ActionScript code acts as a sort of remote control, triggering operations such as license acquisition and registering to receive events that may be surfaced to the user.

I hope this provides a good overview and helps identify when each technology may be most appropriate. If you’d like to learn more about the content protection features in FMS, check out the article on Adobe Developer Connection. You can also find more details about Flash Access, including an in-depth whitepaper, on our Flash Access product page.